Password-stealing keyloggers skyrocket

Current News Updates

Password-stealing keyloggers skyrocket

Hackers are on target to release more than 6,000 keystroke loggers in 2005, a 65 per cent increase from the 3,753 keyloggers released last year, according to security intelligence organisation iDefense.
The programs are an increasingly popular tool among identity thieves.

Each variant could lead to anything from a few to several thousand infections, Ken Dunham, senior engineer at iDefense, said. Keylogger software typically tracks keystrokes on infected computers and is used to try to steal sensitive information such as user names and credit card data.

The biggest problem with keyloggers, which silently relay data to attackers, is that they often go undetected, easily slipping past firewalls and antivirus software, iDefense, a division of VeriSign, said. 'There are so many victims because so few know the risk or the early warning signs,' Joe Payne, vice president of VeriSign iDefense Security Intelligence Services, said in a statement. 'You simply can't stop what you can't see.' Early warning signs can include slow performance of a PC, a spike in pop-up messages and other problems.

Computers can become infected with keyloggers in a variety of ways, such as through downloading spyware or e-mail attachments, or through a visit to a chat room or simply to the wrong Web site. The programs typically exploit flaws in Web browser software, including Microsoft's Internet Explorer.

Five years ago iDefense recorded only 300 such programs, demonstrating a huge growth in a strain of malware that has become a favourite with cybercriminals as a preferred tool to plunder online banking accounts.

A keylogger is a form of malware program that instalsl itself surreptitiously, records keystrokes made on the infected computer and sends this data to hackers. Once a keylogging program is activated, it provides fraudsters with any strings of text a person might enter online, placing personal data and online account information at risk. Largely distributed by organised cyber theft groups, keyloggers are typically packaged with phishing emails or spyware programs.

Using account information to impersonate victims, hackers run up charges averaging $3,968 per victim, according to a recent survey by US insurance firm Nationwide Mutual. Sixteen percent of victims were required to pay for at least some of this fraud, and spent an average of 81 hours to resolve their cases, the Nationwide Mutual survey reports.